[Git][security-tracker-team/security-tracker][master] CVE-2023-36617/ruby2.5,jruby: buster postponed
Sylvain Beucler (@beuc)
beuc at debian.org
Mon Aug 7 19:01:27 BST 2023
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e475358b by Sylvain Beucler at 2023-08-07T20:00:56+02:00
CVE-2023-36617/ruby2.5,jruby: buster postponed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4785,9 +4785,11 @@ CVE-2023-36617 (A ReDoS issue was discovered in the URI component before 0.12.2
- ruby3.1 <not-affected> (Incomplete fix never applied)
- ruby2.7 <not-affected> (Incomplete fix never applied)
- ruby2.5 <removed>
+ [buster] - ruby2.5 <postponed> (Minor issue, ReDoS)
- jruby <unfixed>
[bookworm] - jruby <not-affected> (Incomplete fix never applied)
[bullseye] - jruby <not-affected> (Incomplete fix never applied)
+ [buster] - jruby <postponed> (Minor issue, ReDoS)
NOTE: https://www.ruby-lang.org/en/news/2023/06/29/redos-in-uri-CVE-2023-36617/
NOTE: https://github.com/ruby/uri/commit/9010ee2536adda10a0555ae1ed6fe2f5808e6bf1
NOTE: https://github.com/ruby/uri/commit/9d7bcef1e6ad23c9c6e4932f297fb737888144c8
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e475358bc65d999e794198822ea24411f562e7b8
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e475358bc65d999e794198822ea24411f562e7b8
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230807/3a3cb316/attachment.htm>
More information about the debian-security-tracker-commits
mailing list